Effective Risk Benchmarking

Presentation on theme: "Effective Risk Benchmarking"— Presentation transcript:

1 Effective Risk Benchmarking
Benchmark Yourself
Benchmark Third Parties
Benchmark Against Industry

2 Effective Security Benchmarking
1. Gather as much threat intelligence data as possible using non-intrusive methods.
2. The threat data is normalized and scored using machine learning algorithms.
3. Based on the threat data, businesses get graded in a platform and are benchmarked to one another.

3 Data breach

4 Recommended steps of action
Actionable Intelligence
Resolve issues
Recommended steps of action
Severity Alerts

5 CREATE A COLLABORATIVE WORKFLOW
1. Identify Vendors At Risk
2. Invite Vendors To View Scorecard
3. Discuss At Risk Areas With Vendor
4. Vendor Works With Security Scorecard To Remediate
5. Vendor Scorecard Automatically Updated

6 ANALYSIS OF FINANCIAL SERVICES INDUSTRY
AGENDA: ANALYSIS OF FINANCIAL SERVICES INDUSTRY

7 Industry Top Performers in Cybersecurity

8 10 Most Profitable Companies in Financial Industry
Goldman Sachs
Morgan Stanley
JPMorgan Chase
Merrill Lynch
Deutsche Bank
Citi
Barclays
UBS
HSBC
Nomura

How about their cybersecurity score? Are they also performing well on security?
However, only 10% of them received a grade of A.
Companies that generate the most revenue, how are they performing on cybersecurity?

9 10 Most Profitable Companies in Financial Industry
More findings...
8 out of 10 companies received a grade of F in Network Security.
5 out of 10 companies received an F in Patching Cadence.
All of these companies had malware issues, and received B or less in IP Reputation.
For companies that generate the most revenue, how are they performing on cybersecurity?

10 Weaknesses Across Bottom Performers in Finance
Network Security: 80% F, 10% D, 10% C
Social Engineering: 60% F, 20% C
IP Reputation (Malware): 50% F, 20% D

11 How about other companies in Financial industry?
IP Reputation Score: 52% C or worse
Network Security Score: 45% D or worse
Patching Cadence Score: 27% C or worse

12 Critical Data Point: Malware infection spikes are a strong leading breach indicator
Companies with a D or F in IP reputation are 3x more likely to get breached.
To calculate the 3x, we used the IP Rep scores for all companies as of early March, and combined it with our historical breach dataset for the last six months (Sep '15 through March '16).

13 What types of malware are prevalent in data breaches?
Data Source: malware_details_non_breached.csv

14 Critical Data Point: Leaked Passwords as a Trailing Breach Indicator
WHAT’S AT RISK
Access to confidential company resources
Corporate infrastructure

15 Critical Data Point: Social Engineering
WHAT’S AT RISK
Increased ‘insider’ security incidents
Open to spear phishing campaigns

MEASURING
Number of “security” employees
Number of “disgruntled” employees
Indicators of security immaturity

16 Critical Data Point: End-of-life Product Issue
SecurityScorecard analyzed companies, and discovered nearly 3700 companies have experienced end-of-service product issues.

17 Critical Data Point: End of Life Products
Most end of life issues were prevalent in Education, Government & Telecom industries.

WHAT’S AT RISK
Legacy systems
Unsupported software with critical vulnerabilities

Chart legend: blue = with end-of-life issue, orange = without end-of-life issue

18 Most Prevalent End of Life Products
5 most widely used, unsupported technologies are:
1. Internet Information Services 6.0
2. Internet Information Services 5.1
3. Windows XP
4. Windows Server 2003
5. S5000 Series Switches S5624-PWR

19 End of Life Products More Common in Large Organizations
Products no longer supported by the manufacturer are rampant in companies with:
1001 – 5000 employees
10,000+ employees

20 HOW YOUR ENTERPRISE BENEFITS FROM REAL-TIME VISIBILITY
Onboard vendors faster to meet requirements of the business
Prioritize and validate vendor questionnaires, onsite visits, and penetration tests
Receive immediate notifications of vendor security degradation
Work with 3rd parties using collaborative workflows to remediate issues and improve security posture
Expand third party programs without additional staff, questionnaires, or penetration tests

21 THANK YOU!
FOR MORE INFORMATION
Ali Alwan, Regional Director, SecurityScorecard
Address: Security Scorecard Inc., 22 W. 19th Street - floor 9, New York, New York 10016

