Critical Data Points to Assess True Risk of Data Breach - Ali


Effective Risk Benchmarking
Benchmark Yourself
Benchmark Third Parties
Benchmark Against Industry
Effective Security Benchmarking
1. Gather as much threat intelligence data as possible using non-intrusive methods.
2. The threat data is normalized and scored in a platform using machine learning algorithms.
3. Based on the threa… businesses get gra… and a… benchmarked to o… another.
Data breach
Actionable Intelligence
• Recommended steps of action
• Resolve issues
• Severity
• Alerts
CREATE A COLLABORATIVE WORKFLOW
• Identify Vendors At Risk
• Vendor Scorecard Automatically Updated
• Invite Vendors To View Scorecard
• Vendor Works With Security Scorecard To Remediate
• Discuss At Risk Areas With Vendor
AGENDA
ANALYSIS OF FINANCIAL SERVICES INDUSTRY
Industry Top Performers in Cybersecurity
10 Most Profitable Companies in Financial Industry
1. Goldman Sachs
2. Morgan Stanley
3. JPMorgan Chase
4. Merrill Lynch
5. Deutsche Bank
6. Citi
7. Barclays
8. UBS
9. HSBC
10. Nomura
How about their cybersecurity score? Are they also performing well on security?
However, only 10% of them received a grade of A.
| Web: www.securityscorecard.com | Twitter:
10 Most Profitable Companies in Financial Industry
More findings...
• 8 out of 10 companies received a grade of F in Network Security
• 5 out of 10 companies received an F in Patching Cadence
• All of these companies had malware issues, and received B or less in IP Reputation
Weaknesses Across Bottom Performers in Finance
• Network Security: 80% F, 10% D, 10% C
• Social Engineering: 60% F, 20% C
• IP Reputation (Malware): 50% F, 20% D
How about other companies in Financial industry?
• IP Reputation Score: 52% C or worse
• Network Security Score: 27% C or worse
• Patching Cadence Score: 45% D or worse
Critical Data Point: Malware Infection spikes are a strong leading breach indicator
Companies with a D or F in IP reputation are 3x more likely to get breached
• To calculate the 3X, we used the IP Rep scores for all companies as of early March, and combined it with our historical breach dataset
What types of malware are prevalent in data breaches?
Critical Data Point: Leaked Passwords as a Trailing Breach Indicator
WHAT’S AT RISK
• Access to confidential company resources
• Corporate infrastructure
Critical Data Point: Social Engineering
WHAT’S AT RISK
• Increased ‘insider’ security incidents
• Open to spear phishing campaigns
MEASURING
• Number of “security” employees
• Number of “disgruntled” employees
• Indicators of security immaturity
Critical Data Point: End-of-life Product Issue
SecurityScorecard analyzed 39078 companies, and discovered nearly 3700 companies have experienced end-of-service product issues.
Critical Data Point: End of Life Products
Most end of life issues were prevalent in Education, Government & Telecom industries.
WHAT’S AT RISK
• Legacy systems
• Unsupported software with critical vulnerabilities
Chart legend: blue = with end-of-life issue, orange = without end-of-life issue
Most Prevalent End of Life Products
5 most widely used, unsupported technologies are:
• Internet Information Services 6.0
• Internet Information Services 5.1
• Windows XP
• Windows Server 2003
• S5000 Series Switches S5624PWR
End of Life Products More Common in Large Organizations
Products no longer supported by the manufacturer are rampant in companies with:
• 1001 – 5000 employees
• 10,000+ employees
HOW YOUR ENTERPRISE BENEFITS FROM REAL-TIME VISIBILITY
• Prioritize and validate vendor questionnaires, onsite visits, and penetration tests
• Onboard vendors faster to meet requirements of the business
• Receive immediate notifications of vendor security degradation
• Expand third party programs without additional staff, questionnaires, or penetration tests
• Work with 3rd parties using collaborative workflows to remediate issues and improve security posture
THANK YOU!
FOR MORE INFORMATION
Ali Alwan
Regional Director, SecurityScorecard
Address
Security Scorecard Inc.
22 W. 19th Street floor 9
New York, New York 10016