6/28/2017
Working Together to Build a Cyber Security Program
David Johnston, Sr. Director, Loss Prevention & Corporate Security, Dunkin' Brands, Inc.
Working Together to Build a Cyber Security Program
• Understanding the Cyber Threat Landscape
• Building stronger LP / IT Security Relationships
• The Value of LP in a Cyber World
• Malware
• Ransomware
• DDoS Attacks
• Botnets
• Phishing / Social Engineering
• Insider Threats
• 3rd Party Threat
• Data Breaches – Data Loss
• Business Disruption
• Online / Mobile Fraud
• Business Email Compromise
• Loyalty Abuse
And more…
“Cybercrime costs the global economy more than $450B” – CNBC.com
“Average cost to a US retailer for a successful cyber attack $15.4M” – Forbes
“33% of customers will delay shopping at a retailer post data breach; 19% will stop shopping there altogether” – KPMG
• 20,000+ restaurants in 62+ countries
• 100% franchised environment
• Highly visible brand recognition
• Strong digital landscape
– Mobile Application (with SVC payment)
– Loyalty Program – Points/Coupons
– Mobile and Online Ordering
• Loyal customer base
• Everything touches IT
• IT Departments more role-specific
• Help Desk
• Data and Systems
• IT Security
• Applications (by Department)
• IT Security engaged at higher level
• Accreditations / Credentials
• Gatekeepers of Control
• “Protectors of the Brand”
The Evolution of Information Technology Security
Physical Security
Loss Prevention
Information
Technology
THEN
NOW
Physical
Security
Information
Security
With increased use of technology and data in regards to protecting assets, people and property, Physical Security and Information Security now have similar responsibilities
How do we play well together to
best protect a company?
What role can we play as loss
prevention?
How does LP become part of the
core team?
Getting into the Discussions
• Education & knowledge
• Understand your environment
• Build strong relationships
• Engage IT in your world
• Educate on your value
• Educate ourselves
• Cyber Security
• Attack Methods
• Prevention Techniques
• Applications (by Department)
• Understand Your/The Environment
• What is happening now?
• How does it affect your company?
• How could your team help?
Education is a must!
• Include IT in your world
• Investigative Support
• Corporate Security Support
• Planning Sessions
• Tabletop Exercises
• Explain how LP can assist IT
• Systems and Technologies
• Resources & Process
• Connections
Build Partnerships with IT
March / April 2017
LP’s Role in a Cyber Security Program
Physical Security System Management
Investigative Process / Deductive Reasoning
Interviewing Skills
Auditing / Evidence Collection
Law Enforcement Engagement
LP’s Role in a Cyber Security Program
• Security System Review
• Access & CCTV Systems
• Lead Physical Loss Events
• Evidence Collection
• Interviewing Suspects
• Insider Threat Assessment
• Auditing / System Checks
• Store Incidents & Events
• Provide Contacts
• Assistance for/by LE
Law Enforcement Engagement
Field Support
Investigative Support
Physical Security Assistance
Interviewing Skills
What role do you play?
• Do you have a copy of your
company’s cybersecurity program?
• Is your function listed as a role within
the program?
• Are you engaged in tabletop exercises
related to cyber/data security?
• Are you called upon when an incident
or event occurs?
Working Together to Build a Cyber Security Program
• Cyber Threats will continue to increase and cause retail
business loss
• LP/Security professionals need to educate ourselves and talk
more frequently about these threats/loss
• LP/Security has a role and should be a core member of the
program
Resources
Groups
• Infragard (FBI/DHS public-private community)
• HSIN (Homeland Security Information Network)
• DSAC (FBI public-private CSO group)
• Search Cybersecurity Associations
THANK YOU FOR YOUR TIME
Send Email with Subject Line: Cyber Resources
To david.johnston@dunkinbrands.com
Resources
• Infosecurity-magazine.com
• CSO Online
• ASIS (store – books and publications)
• SANS Institute
• Online Training (search cybersecurity classes)
