Presentation is loading. Please wait.

Presentation is loading. Please wait.

Strategic threat assessment

Published byIngeborg Axelsson Modified over 5 years ago

Similar presentations

Presentation on theme: "Strategic threat assessment"— Presentation transcript:

1 Strategic threat assessment
helping organizations understand how threat actors Attack vulnerable assets

2 Cyber attacks will remain rampant until businesses prioritize and implement security tools across the entire organization The average cost of a data breach globally continues to rise

3 Every organization faces security risks, but the risks aren’t the same for everyone
Threat actor Motive Impact Personal advantage, monetary gain Sabotage for personal reasons Bribery Disclosure of trade secrets Disrupt business activities Brand damage External Threats Financial gain Collect information for future financial gain  Espionage or influence Regulatory inquiry/penalty Brand/reputation damage Consumer lawsuits Organized crime/ Nation State Political change Pressure business to change their practices Create fear or uncertainty Disrupt business activities Consumer confidence loss Every organization faces security risks, but the risks aren’t the same for everyone. An attacker targeting a retail organization, for example, will likely go after different assets than an attacker targeting a hospital. Within the organization, targets vary, too. An attack on the accounting department might target financial data or employees’ personal information, while an attack on the engineering department might target trade secrets and other intellectual property. Hacktivists

4 Strategic threat assessment from IBM X-Force IRIS
Take Action at Different Levels of Intelligence Outsiders Outsiders 45% 40% TACTICAL OPERATIONAL STRATEGIC MACHINE-TO-MACHINE INTELLIGENCE TO DETECT AND PREVENT THE KNOWN AND UNKNOWN ATTACKS IDENTIFY RISK LEVEL, ATTACKER INSIGHTS, AND PRIORTIZE ALERT RESPONSE THREAT ACTOR AND INDUSTRY INSIGHTS TO STAY AHEAD OF THE ATTACKER AND TAKE ACTIONS HOW DOES IT WORK? Review a client’s key assets to characterize threat events by the typical attackers, the likely infection vectors, and the techniques and procedures that adversaries employ. Our unique understanding of adversaries and their tactics is derived from fusing information gathered at incident response investigations, technical observations, and open sources.

5 It’s vital to understand the types of attackers and where an attack might occur and the procedures attackers are likely to employ What is discovered with STA? What can we do about it? it? Employ malicious code protection mechanisms at entry and exit points to detect and eradicate malicious code. Include practical exercises in security awareness training that simulate actual cyber attacks. Manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding denial of service attacks. Malicious code execution in unsecured databases Phishing Commodity Malware URL spoofing to gain credentials SQL-attacks Third-party access Credential Theft DDoS Attacks Exploit Kits Removable media Social Engineering Based on data IBM gathers for the client, threats are characterized by types of attackers, common points where an infection might occur and the procedures attackers are likely to employ—information an organization can use to protect itself.

6 Combining our knowledge about threats to a report for senior leaders
Malware Threat Groups Threat Activity Industry Using incident response investigations and technical observations by IBM experts, plus information on previous attacks at the organization and data from open sources, X-Force IRIS assigns a risk rating for the client. It then provides recommendations for improving security measures, such as utilizing threat intelligence to update risk assessment plans or briefing leaders on key threat intelligence regarding attackers, tools, vectors of infection and methods of exfiltration.

7 Through a better understanding of how bad actors behave you can target your company’s protection of asset Prioritize security investment decisions across the business based on potential impact of threat activity from similar firms Inform the board about changing strategic risks to company operations and assets Breakdown internal security silos by developing a common understanding of threats and business harms Implement threat intelligence to enhance enterprise security operations

8 IBM Security provides the expertise, talent, and end-to-end approach you need to deliver value
Unparalleled Expertise Best-in-class Managed Security Services Integrated Approach IBM X-Force® Exchange and Threat Research teams providing zero-day threat alerts to clients Over 1400 employees serving 130+ countries, with a 95% retention rate 35 billion security events analyzed daily across 4,500+ global clients Access to a global network of skilled industry experts Deep industry service delivery experience across numerous types of operations Ability to lead and execute large, transformational projects Integrated portfolio of security services and technology Open ecosystem with technology alliances and 30+ services partners 800+ technical vendor and professional security certifications

9 4/19/2019 Mandatory closing slide with copyright and legal disclaimers.

Download ppt "Strategic threat assessment"

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.

What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Cyber Resilience Simon Onyons Financial Stability – Resilience Team.

Cyber Resilience Simon Onyons Financial Stability – Resilience Team.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
© Infosys Technologies Limited 2005 - 06 Consulting Services Paul Cole Managing Director – Infosys Consulting.

© Infosys Technologies Limited Consulting Services Paul Cole Managing Director – Infosys Consulting.
Intrusion Detection MIS.5213.011 ALTER 0A234 Lecture 11.

Intrusion Detection MIS ALTER 0A234 Lecture 11.
90% of EU exports consist of product and services of IPR-intensive industries. Among 269 senior risk managers, 53% said IP loss or theft had inflicted.

90% of EU exports consist of product and services of IPR-intensive industries. Among 269 senior risk managers, 53% said IP loss or theft had inflicted.
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Prepared by: Dinesh Bajracharya Nepal Security and Control.

Prepared by: Dinesh Bajracharya Nepal Security and Control.
Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.

Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.
Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.

Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.

Similar presentations

Ads by Google