Effective Risk Benchmarking

Presentation transcript:

Effective Risk Benchmarking: Benchmark Yourself; Benchmark Third Parties; Benchmark Against Industry

Effective Security Benchmarking
1. Gather as much threat intelligence data as possible using non-intrusive methods.
2. The threat data is normalized and scored using machine learning algorithms.
3. Based on the threat data, businesses get graded in a platform and are benchmarked to one another.

Data breach

Actionable Intelligence: Recommended steps of action; Resolve issues; Severity Alerts

CREATE A COLLABORATIVE WORKFLOW
- Identify Vendors At Risk
- Invite Vendors To View Scorecard
- Discuss At Risk Areas With Vendor
- Vendor Works With Security Scorecard To Remediate
- Vendor Scorecard Automatically Updated

AGENDA: ANALYSIS OF FINANCIAL SERVICES INDUSTRY

Industry Top Performers in Cybersecurity

10 Most Profitable Companies in Financial Industry
Goldman Sachs, Morgan Stanley, JPMorgan Chase, Merrill Lynch, Deutsche Bank, Citi, Barclays, UBS, HSBC, Nomura
How about their cybersecurity score? Are they also performing well on security? However, only 10% of them received a grade of A.
Companies that generate the most revenue, how are they performing on cybersecurity?

10 Most Profitable Companies in Financial Industry: More findings...
- 8 out of 10 companies received a grade of F in Network Security
- 5 out of 10 companies received an F in Patching Cadence
- All of these companies had malware issues, and received a B or lower in IP Reputation
For companies that generate the most revenue, how are they performing on cybersecurity?

Weaknesses Across Bottom Performers in Finance
- Network Security: 80% F, 10% D, 10% C
- Social Engineering: 60% F, 20% C
- IP Reputation (Malware): 50% F, 20% D

How about other companies in Financial industry?
- IP Reputation Score: 52% C or worse
- Network Security Score: 45% D or worse
- Patching Cadence Score: 27% C or worse

Critical Data Point: Malware infection spikes are a strong leading breach indicator. Companies with a D or F in IP Reputation are 3x more likely to get breached. To calculate the 3x, we used the IP Reputation scores for all companies as of early March and combined them with our historical breach dataset for the last six months (Sep '15 through March '16).

What types of malware are prevalent in data breaches? Data Source: malware_details_non_breached.csv

Critical Data Point: Leaked Passwords as a Trailing Breach Indicator
WHAT'S AT RISK
- Access to confidential company resources
- Corporate infrastructure

Critical Data Point: Social Engineering
WHAT'S AT RISK
- Increased 'insider' security incidents
- Open to spear phishing campaigns
MEASURING
- Number of "security" employees
- Number of "disgruntled" employees
- Indicators of security immaturity

Critical Data Point: End-of-life Product Issue. SecurityScorecard analyzed 39078 companies and discovered that nearly 3700 companies have experienced end-of-service product issues.

Critical Data Point: End of Life Products
End-of-life issues were most prevalent in the Education, Government & Telecom industries.
WHAT'S AT RISK
- Legacy systems
- Unsupported software with critical vulnerabilities
(Chart legend: blue = with end-of-life issue, orange = without end-of-life issue)

Most Prevalent End of Life Products
The 5 most widely used unsupported technologies are:
- Internet Information Services 6.0
- Internet Information Services 5.1
- Windows XP
- Windows Server 2003
- S5000 Series Switches S5624-PWR

End of Life Products More Common in Large Organizations
Products no longer supported by the manufacturer are rampant in companies with:
- 1001 – 5000 employees
- 10,000+ employees

HOW YOUR ENTERPRISE BENEFITS FROM REALTIME VISIBILITY
- Onboard vendors faster to meet requirements of the business
- Prioritize and validate vendor questionnaires, onsite visits, and penetration tests
- Receive immediate notifications of vendor security degradation
- Work with 3rd parties using collaborative workflows to remediate issues and improve security posture
- Expand third party programs without additional staff, questionnaires, or penetration tests

THANK YOU!
FOR MORE INFORMATION: Ali Alwan, Regional Director, SecurityScorecard
Address: Security Scorecard Inc., 22 W. 19th Street - floor 9, New York, New York 10016