Presentation is loading. Please wait.

Presentation is loading. Please wait.

Is Security Worth It? Alex Lauerman. Who is Alex? FishNet Security Veracode TrustFoundry SecKC.

Published byBrendan Webb Modified over 9 years ago

Similar presentations

Presentation on theme: "Is Security Worth It? Alex Lauerman. Who is Alex? FishNet Security Veracode TrustFoundry SecKC."— Presentation transcript:

1 Is Security Worth It? Alex Lauerman

2 Who is Alex? FishNet Security Veracode TrustFoundry SecKC

3 Why am I talking? Don’t like security being a checkbox I want security to be driven by its value Want to do better at the stock market Goal is to help understand cost of insecurity

4 What will I talk about? Cost Factors of a Data Breach Previous Research My Research Analysis of impact of data breach

5 What is a data breach? Accidental or intentional loss of: Personally Identifiable Information Financial Information Confidential Company Information Intellectual Property Health Information

6 What are the cost factors? Incident Response Communications Compensation Legal defense Regulatory Fines Indirect Loss of productivity Loss of customers Lost competitive edge

7 Ways to measure cost of breach Fixed Per Record (Variable) Add factors individually Estimate based on previous breach costs

8 Sources of Breaches datalossdb.org databreaches.net www.privacyrights.org www.idtheftcenter.org Google

9 DataLossDB

10 Information is Beautiful

11 Previous Research Ponemon Gold standard in data breach costs Brush Creek Partners – Cyber Liability Insurance Academic Sources Risk Centric Security (YouTube “Deconstructing Data Breach Cost”)

12 Previous Research – Ponemon Average cost of data breach $188/record (2013) Average cost of data breach $201/record (2014) Average number of records breached in US: 28,765 (2013) “The results show that a probability of a material data breach involving a minimum of 10,000 records is more than 22 percent.” “India and Brazil have the highest estimated probability of occurrence at 30 percent, while Germany has an approximate 2 percent rate of occurrence.”

13 Previous Research – Ponemon Total Average cost per US breach: $5,403,644 (2013) $5.85 (2014)

14 Previous Research – Ponemon Cost of data breach by size (2013)

15 Previous Research – Ponemon Cost of data breach by size (2014)

16 Previous Research – Ponemon Breakdown by industry

17 Previous Research – Ponemon Customer churn

18 Previous Research – Ponemon Cost of data breach per record – Causation or correlation? Adobe example Target example

19 Research – Brush Creek Partners Leverage Ponemon research Insurance cost is based on revenue and line of business Retail Inexpensive Healthcare & Financial - Expensive (fines) Encourage or require good security <10% of companies have cyber liability insurance

20 Previous Research – Risk Centric Security Lots of charts Direct Costs DSW Shoes – ~$4.64 – 6.79 per record TJX –: $1.90 – $2.12 per record Heartland Payment Systems – $0.90 per record Sony – $1.17 per record Global Payments - $15.71 - $80 per record South Carolina DoR - $3 - $5 per record

21 Previous Research – Stock Prices Gatzlaff -.84% 1 day after a breach Tomáš Klíma Data breaches impact stock prices Hovav Financial revenue most impact Vandal attacks have lower impact DoS almost no affect Cavusoglu 2.1% decrease in value in two days following the breach Morse Abnormal negative stock price returns SecurityNinja

22 Delayed Impact - Target Breach rumors Dec 18 Announcement Dec 19th

23 Efficient Market Hypothesis Stock prices reflect the information available We can use this to determine the affect of data breaches “maybe the market isn’t quite as efficient as you think” – Charlie Munger in response to Efficient Market Hypothesis

24 Quantitative Trading Trading strategies based on quantitative analysis which rely on mathematical computations and number crunching to identify trading opportunities. --investopedia

25 Quantitative Trading

26 Quantitative Trading Example Security that holds gold (GLD ETF) Track gold miners (GDX ETF)

27 Quantopian

28 Quantopian Example

29 Breach Trading Algorithm Tracks stock prices in relation to the date of their security breaches

30 Be warned

31 30-Day After Breach Transactions DATESECURITYTRANSACTION# SHARESPRICE$ AMOUNTCHANGE 2007-01-16TJXBUY6688$14.84$99,216.48-3.7% 2007-02-19TJXSELL-6688$14.29($95,538.08) 2009-01-19HPYBUY6464$14.22$91,918.08-45.1% 2009-02-19HPYSELL-6464$7.80($50,419.20) 2011-03-16EMCBUY3952$25.59$101,131.684.3% 2011-04-18EMCSELL-3952$26.68($105,439.36) 2011-04-25SNEBUY3324$29.80$99,055.20-10.0% 2011-05-26SNESELL-3324$26.83($89,182.92) 2011-08-29VDSIBUY13458$7.03$94,609.74-27.9% 2011-09-29VDSISELL-13458$5.07($68,218.60) 2013-10-02ADBEBUY1940$50.91$98,765.407.5% 2013-11-04ADBESELL-1940$54.75($106,215.00) 2013-12-18TGTBUY1573$62.17$97,793.41-5.2% 2014-01-21TGTSELL-1573$58.96($92,744.08)

32 30-Day Transactions List (SPY Indexed) DATESECURITYTRANSACTION# SHARESPRICE$ AMOUNT 2007-01-16TJXBUY6688$14.84$99,216.48 2007-01-16SPYSELL-699$142.97($99,936.03) 2007-02-19TJXSELL-6688$14.29($95,538.08) 2007-02-19SPYBUY699$146.13$102,144.87 2009-01-19SPYSELL-1176$80.59($94,773.84) 2009-01-19HPYBUY6464$14.22$91,918.08 2009-02-19SPYBUY1176$77.44$91,069.44 2009-02-19HPYSELL-6464$7.80($50,419.20) 2011-03-16EMCBUY3952$25.59$101,131.68 2011-03-16SPYSELL-792$127.77($101,193.84) 2011-04-18EMCSELL-3952$26.68($105,439.36) 2011-04-18SPYBUY792$131.32$104,005.44

33 30-Day Algorithm (SPY Indexed)

34 30-Days After Breach – Stock Price SECURITYCHANGES&P 500BENCHMARKED RETURN Adobe7.5%5.1%2.4% EMC4.3%2.7%1.6% Heartland Payment Systems-45.1%-4.1%-41.1% Lockheed Martin2.7%-3.0%5.7% Sony-10.0%-1.0%-9.0% Target-5.2%1.5%-6.7% TJX-3.7%2.1%-5.8% Vasco Data Security-27.9%-7.0%-20.9% Average-9.67%-9.22% Median-4.44%-6.26%

35 30-Days After Breach – Cost to Company SECURITYBENCHMARKMARKET CAP (B) ADJUSTED COST (B) Adobe2.4%29.60.716 EMC1.6%52.080.821 Heartland Payment Systems-41.1%1.45-0.596 Lockheed Martin5.7%52.743.019 Sony-9.0%18.14-1.630 Target-6.7%37.44-2.503 TJX-5.8%41.03-2.393 Vasco Data Security-20.9%0.45-0.094 Average-9.22% 29.12-0.332 Median-6.26% 33.52-0.344

36 Results – Market Capitalization 1 Day30 Days90 Days180 Days365 Days Algorithm-44.4%-70.1%-44.0%-62.1%-58.3% Average per stock -5.5%-8.76%-5.5%-7.76%-7.28%

37 How to trade with this info Short sell a company immediately following a breach A data breach may be worth more to people who invest with that information

38 Tro LLC

39

40 How to make business decisions with this Need to understand factors If your company is publically traded, factors should roughly add up to stock price Use this algorithm to generate data for companies similar to yours

41 How to make business decisions with this Threat model your organization What could go wrong? Examine data and estimate impact

42 Questions Slides: trustfoundry.net alex.lauerman@trustfoundry.net @alexlauerman 913.271.7789

Download ppt "Is Security Worth It? Alex Lauerman. Who is Alex? FishNet Security Veracode TrustFoundry SecKC."

Similar presentations

FINANCIAL MANAGEMENT I AND II

FINANCIAL MANAGEMENT I AND II
Adding New Enterprises: The Financial Aspects Dr. Alex White Virginia Tech 540-231-3132.

Adding New Enterprises: The Financial Aspects Dr. Alex White Virginia Tech
CHAPTER 4 BOND PRICES, BOND YIELDS, AND INTEREST RATE RISK.

CHAPTER 4 BOND PRICES, BOND YIELDS, AND INTEREST RATE RISK.
Pricing Risk Chapter 10.

Pricing Risk Chapter 10.
Chapter 1 - An Introduction to Financial Management Chapter 1 - An Introduction to Financial Management  2005, Pearson Prentice Hall.

Chapter 1 - An Introduction to Financial Management Chapter 1 - An Introduction to Financial Management  2005, Pearson Prentice Hall.
Chapter © 2010 South-Western, Cengage Learning Investing in Stocks 12.1 12.1Evaluating Stocks 12.2 12.2Buying and Selling Stock 12.

Chapter © 2010 South-Western, Cengage Learning Investing in Stocks Evaluating Stocks Buying and Selling Stock 12.
Investment Companies Economics 71a: Spring 2007 Mayo 17, Malkiel 8 Lecture 4.8.

Investment Companies Economics 71a: Spring 2007 Mayo 17, Malkiel 8 Lecture 4.8.
The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.

The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.
23 Flexible Budgets and Performance Analysis Principles of Accounting

23 Flexible Budgets and Performance Analysis Principles of Accounting
© The McGraw-Hill Companies, Inc., 2005 McGraw-Hill/Irwin 25-1 REWARDING BUSINESS PERFORMANCE Chapter 25.

© The McGraw-Hill Companies, Inc., 2005 McGraw-Hill/Irwin 25-1 REWARDING BUSINESS PERFORMANCE Chapter 25.
1 (of 25) FIN 200: Personal Finance Topic 17–Stock Analysis and Valuation Lawrence Schrenk, Instructor.

1 (of 25) FIN 200: Personal Finance Topic 17–Stock Analysis and Valuation Lawrence Schrenk, Instructor.
Market Efficiency Chapter 10.

Market Efficiency Chapter 10.
Statement of Cash Flows What information? –Cash lifeblood of organization –If not generate enough – not meet obligations, not stay in business Interrelationships.

Statement of Cash Flows What information? –Cash lifeblood of organization –If not generate enough – not meet obligations, not stay in business Interrelationships.
Analyzing Financial Statements 9/01/03

Analyzing Financial Statements 9/01/03
 Broad-based health care company that discovers, develops, manufactures, and markets products and services  Abbott's main businesses: ◦ Global pharmaceuticals.

 Broad-based health care company that discovers, develops, manufactures, and markets products and services  Abbott's main businesses: ◦ Global pharmaceuticals.
Vicentiu Covrig 1 Mutual funds Mutual funds. Vicentiu Covrig 2 Diversification Professional management Low capital requirement Reduced transaction costs.

Vicentiu Covrig 1 Mutual funds Mutual funds. Vicentiu Covrig 2 Diversification Professional management Low capital requirement Reduced transaction costs.
MSE608C – Engineering and Financial Cost Analysis

MSE608C – Engineering and Financial Cost Analysis
NASAA 2010 Investment Adviser Training Exchange Traded Funds (ETFs) & Leveraged ETFs Chad Hartwick State of Michigan.

NASAA 2010 Investment Adviser Training Exchange Traded Funds (ETFs) & Leveraged ETFs Chad Hartwick State of Michigan.
Week 10 DIFD 321 Accounting & Finance. WHAT IS MARKETING? The action or business of promoting and selling products or services, including market research.

Week 10 DIFD 321 Accounting & Finance. WHAT IS MARKETING? The action or business of promoting and selling products or services, including market research.
Chapter 7 The Stock Market, The Theory of Rational Expectations, and the Efficient Market Hypothesis.

Chapter 7 The Stock Market, The Theory of Rational Expectations, and the Efficient Market Hypothesis.

Similar presentations

Ads by Google