SlideShare uma empresa Scribd logo
1 de 17
Baixar para ler offline
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Data-driven storytelling and security
stakeholder engagement
David Grady
Security Evangelist
Verizon Enterprise Solutions
F N D 3 2 6 - S
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
To rally your coalition, focus on outcomes, not the process.
Enhanceyour visibility
of cyber risk
Minimize impact and
quickly restore
operations
Detect and respond
to cyber attacks
faster
Protect the attack
surface
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Rocket science is important, of course…
• VerizonRisk Report
• VerizonThreat Intelligence
Platform
• Vulnerabilitymanagement
o Vulnerability management
o Penetration testing
• Securityrisk assessment &
complianceservices
o Business Security Assessment
o Security Architecture Review (SAR)
o PCI Compliance
o Operational technology security
assessment
o Device testing and certification (ICSA)
o Asset discovery / classification
• Securitystrategyadvisory
• Securegateway solutions
o Secure Cloud Gateway
o Virtual Network Services - Security
o Managed Trusted Internet Protocol
• Device& endpointmanagement
o Device Health and Availability
o Policy & Configuration Management
• Web defense
o DDOS Shield
o DNS Safeguard
o Email security
• Identity& access management
solutions
o Managed Certificate Services
o Verizon ID (Identity Verification)
• Cloud securitysolutions
• Mobilesecuritysolutions
o Enterprise Mobility Management (MDM?)
o IoT Security Credentialing
• Softwaredefinedperimeter
• Manageddetection& response
solutions
o Managed Security Services-Analytics
o Network detection & responsesolutions
o Autonomous Threat Hunting
o Managed endpoint detection (Cylance
Optics)
• Managedendpointsolutions
• MachineState Integrity
• Deception-as-a-service
• HybridSOC solutions
o Managed SIEM
o Advanced Security Operations Center
• Breach investigationsand
response
• Rapid responseretainer
• Attack detectionassessment
• Incidentresponseplanning
Enhanceyour visibility
of cyber risk
Minimize impact and
quickly restore
operations
Detect and respond
to cyber attacks
faster
Protect the attack
surface
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 5
Failure (to communicate effectively) is not an option.
Despite working harder than ever, CISOs
and their teams appear to be losing the
“perception battle.”
Effective storytelling can rectify this.
% of organizational leaders are briefed
on risk topics at every senior leadership
meeting despite security being a top
concern
% of board directors and C-level execs
say they lack confidence in their
organization’s level of cybersecurity
87
% of organizations believe that
malicious attacks are on the rise y/y,
but 48% lack confidence in their teams’
ability to address complex attacks
21
53
Source: 2017 ISACA State of Cyber Security Report.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Use data to tell stories.
• Leverage available research to help
stakeholders understand cyber
threats.
• Use data to focus attention on the
probability of a specific type of
compromise, rather than every
possibility.
• Actively engage stakeholders across
the entire organization.
• Collaborate on risk tolerance,
security priorities and incident
response.
7
Use stories to educate and influence your stakeholders.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Use it to validate your strategy, course-correct – and tell stories that lead to action.
2019 Data Breach Investigations Report (DBIR) is brimming
with actionable security data.
8
12 years
86 countries
73 contributors
41,686 security incidents
2,013 data breaches
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Back in 2014 we identified nine incident patterns
that cover most of the threats likely to be faced.
98.5% of security incidents and 88.0% of
confirmed data breaches continue to fall into
these patterns across the 2019 report.
Pattern consistency allows security professionals
to prioritize spend when looking at investments in
IT/OT/IoT Security.
Key DBIR findings.
9
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
10
Shift in attacker
behavior towards
cloud-based services
Compromise of web-based email
accounts using stolen credentials
(98%) is rising (seen in 60% of
attacks involving hacking a web
application.)
Publishing errors in the cloud are
increasing year-over-year, exposing
at least 60 million records analyzed
in the DBIR dataset. This
(misconfiguration) accounts for 21%
of breaches caused by errors.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Unbroken Chains – Path-based attack analysis
11
• Most of the successful attacks are short, likely because it is both cheaper and easier for the attacker (or the breach is simply due to
a single error).
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Unbroken Chains – Path-based attack analysis
12
• When you examine the
attack paths, the “malware”
threat action variety usually
doesn't begin a breach (it is
normally a second or later
step in the compromise).
• Also, breaches rarely end
with a “social” action (so if
you see a social attack, you
can expect more to follow).
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
• One quarter of all breaches are still associated with espionage.
• External threat actors are still the primary force behind attacks
(69% of breaches) with insiders accounting for 34%.
• Chip and PIN payment technology has started delivering security
dividends - the number of payment card web application
compromises is close to exceeding the number of physical
terminal compromises in payment card related breaches.
• Senior executives are 12x more likely to be the target of social
incidents, and 9x more likely to be the target of social breaches
than in previous years – and financial motivation remains the key
drive.
• Financially motivated social engineering attacks (12%) are a key
p ’ p ,
ALL levels of employees are made aware of the potential impact
of cybercrime.
Other key DBIR findings
13
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Representative industry view: Financial and Insurance
14
• In this industry, we acknowledge, but
filter, over 40,000 breaches associated
with botnets to be analyzed
separately.
• Physical attacks against ATMs have
seen a decline from their heyday of
the early 2010’s. We are hopeful that
the progress made in the
implementation of EMV chips in debit
cards, influenced by the liability shift
to ATM owners, is one reason for this
decline.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Representative industry view: Healthcare
15
• Unsurprisingly, medical data is 18
times more likely to be compromised
in this industry.
• When an internal actor is involved, it is
14 times more likely to be a medical
professional such as a doctor or nurse.
• Databases are a favorite for internal
misuse, and those attacks take longer
to discover versus attacks by external
actors.
• Over 70% of all malware in this vertical
was ransomware.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
• While we have observed a definite shift in attacker behavior towards cloud-
based services for email and online payment card processing systems, this does
not indicate that there are necessarily any inherent weaknesses associated with
those environments.
• Instead, we believe this to simply be a result of the attacker changing tactics
and targets to meet the corresponding change in the locations of valuable
corporate assets.
• As the victim organizations increasingly migrate to cloud based solutions, the
attackers must alter their actions in order to access and monetize those assets.
• The evolving job of the CISO/CSO is to understand how this large-scale digital
relocation changes the landscape, and how they can make known risk vectors
more or less likely.
The moral of the story…
16
“The more things change, the more they stay the same.”
Thank you!
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
David Grady
david.grady@verizon.com

Mais conteúdo relacionado

Mais procurados

3 Reasons It's Time for a New Remote Access Model
3 Reasons It's Time for a New Remote Access Model3 Reasons It's Time for a New Remote Access Model
3 Reasons It's Time for a New Remote Access ModelAkamai Technologies
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentalsCloudflare
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?PECB
 
Cyber Security 101
Cyber Security 101Cyber Security 101
Cyber Security 101Cloudflare
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cloudflare
 
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...Akamai Technologies
 
Top 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practicesTop 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practicesAhmad Khan
 
What's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityWhat's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityRow Murray
 
The Jisc vulnerability assessment management service – part 2: how to avoid t...
The Jisc vulnerability assessment management service – part 2: how to avoid t...The Jisc vulnerability assessment management service – part 2: how to avoid t...
The Jisc vulnerability assessment management service – part 2: how to avoid t...Jisc
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integrationMarco Essomba
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Cloudflare
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec
 
Cloudflare Partner Program 2020
Cloudflare Partner Program 2020Cloudflare Partner Program 2020
Cloudflare Partner Program 2020Dan Hollinger
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesCristian Garcia G.
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
Data security 2016 trends and questions
Data security 2016 trends and questionsData security 2016 trends and questions
Data security 2016 trends and questionsBill McCabe
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Securescoopnewsgroup
 

Mais procurados (20)

3 Reasons It's Time for a New Remote Access Model
3 Reasons It's Time for a New Remote Access Model3 Reasons It's Time for a New Remote Access Model
3 Reasons It's Time for a New Remote Access Model
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
 
Cyber Security 101
Cyber Security 101Cyber Security 101
Cyber Security 101
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)
 
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
 
Top 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practicesTop 10 AWS Security and Compliance best practices
Top 10 AWS Security and Compliance best practices
 
What's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityWhat's Hot In IT - Cybersecurity
What's Hot In IT - Cybersecurity
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
The Jisc vulnerability assessment management service – part 2: how to avoid t...
The Jisc vulnerability assessment management service – part 2: how to avoid t...The Jisc vulnerability assessment management service – part 2: how to avoid t...
The Jisc vulnerability assessment management service – part 2: how to avoid t...
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integration
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Cloudflare Partner Program 2020
Cloudflare Partner Program 2020Cloudflare Partner Program 2020
Cloudflare Partner Program 2020
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial Services
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 
Data security 2016 trends and questions
Data security 2016 trends and questionsData security 2016 trends and questions
Data security 2016 trends and questions
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
 

Semelhante a Data-driven storytelling and security stakeholder engagement - FND326-S - AWS re:Inforce 2019

rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdfrsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdfRichard Smiraldi
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summarypatmisasi
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022SophiaPalmira1
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxSophia Price
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...Symantec
 
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframeBig Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframePrecisely
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to knowNathan Desfontaines
 
Rcs triumfant watchful_webinar_final
Rcs triumfant watchful_webinar_finalRcs triumfant watchful_webinar_final
Rcs triumfant watchful_webinar_finalPatrick Florer
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdframsetl
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Introduction to Incident Response Management
Introduction to Incident Response ManagementIntroduction to Incident Response Management
Introduction to Incident Response ManagementDon Caeiro
 
The Protocol Of Operations Of Bank Solutions Essay
The Protocol Of Operations Of Bank Solutions EssayThe Protocol Of Operations Of Bank Solutions Essay
The Protocol Of Operations Of Bank Solutions EssayVeronica Garcia
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 

Semelhante a Data-driven storytelling and security stakeholder engagement - FND326-S - AWS re:Inforce 2019 (20)

rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdfrsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
rsmiraldi_SAMPLE_FocusSecWhereitMatters_PPT_022819_DRAFT_V2.pdf
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptx
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
 
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframeBig Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to know
 
Rcs triumfant watchful_webinar_final
Rcs triumfant watchful_webinar_finalRcs triumfant watchful_webinar_final
Rcs triumfant watchful_webinar_final
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Introduction to Incident Response Management
Introduction to Incident Response ManagementIntroduction to Incident Response Management
Introduction to Incident Response Management
 
The Protocol Of Operations Of Bank Solutions Essay
The Protocol Of Operations Of Bank Solutions EssayThe Protocol Of Operations Of Bank Solutions Essay
The Protocol Of Operations Of Bank Solutions Essay
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Data-driven storytelling and security stakeholder engagement - FND326-S - AWS re:Inforce 2019

  • 1. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Data-driven storytelling and security stakeholder engagement David Grady Security Evangelist Verizon Enterprise Solutions F N D 3 2 6 - S
  • 2. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
  • 3. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. To rally your coalition, focus on outcomes, not the process. Enhanceyour visibility of cyber risk Minimize impact and quickly restore operations Detect and respond to cyber attacks faster Protect the attack surface
  • 4. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Rocket science is important, of course… • VerizonRisk Report • VerizonThreat Intelligence Platform • Vulnerabilitymanagement o Vulnerability management o Penetration testing • Securityrisk assessment & complianceservices o Business Security Assessment o Security Architecture Review (SAR) o PCI Compliance o Operational technology security assessment o Device testing and certification (ICSA) o Asset discovery / classification • Securitystrategyadvisory • Securegateway solutions o Secure Cloud Gateway o Virtual Network Services - Security o Managed Trusted Internet Protocol • Device& endpointmanagement o Device Health and Availability o Policy & Configuration Management • Web defense o DDOS Shield o DNS Safeguard o Email security • Identity& access management solutions o Managed Certificate Services o Verizon ID (Identity Verification) • Cloud securitysolutions • Mobilesecuritysolutions o Enterprise Mobility Management (MDM?) o IoT Security Credentialing • Softwaredefinedperimeter • Manageddetection& response solutions o Managed Security Services-Analytics o Network detection & responsesolutions o Autonomous Threat Hunting o Managed endpoint detection (Cylance Optics) • Managedendpointsolutions • MachineState Integrity • Deception-as-a-service • HybridSOC solutions o Managed SIEM o Advanced Security Operations Center • Breach investigationsand response • Rapid responseretainer • Attack detectionassessment • Incidentresponseplanning Enhanceyour visibility of cyber risk Minimize impact and quickly restore operations Detect and respond to cyber attacks faster Protect the attack surface
  • 5. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 5 Failure (to communicate effectively) is not an option. Despite working harder than ever, CISOs and their teams appear to be losing the “perception battle.” Effective storytelling can rectify this. % of organizational leaders are briefed on risk topics at every senior leadership meeting despite security being a top concern % of board directors and C-level execs say they lack confidence in their organization’s level of cybersecurity 87 % of organizations believe that malicious attacks are on the rise y/y, but 48% lack confidence in their teams’ ability to address complex attacks 21 53 Source: 2017 ISACA State of Cyber Security Report.
  • 6. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Use data to tell stories. • Leverage available research to help stakeholders understand cyber threats. • Use data to focus attention on the probability of a specific type of compromise, rather than every possibility. • Actively engage stakeholders across the entire organization. • Collaborate on risk tolerance, security priorities and incident response.
  • 7. 7 Use stories to educate and influence your stakeholders.
  • 8. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Use it to validate your strategy, course-correct – and tell stories that lead to action. 2019 Data Breach Investigations Report (DBIR) is brimming with actionable security data. 8 12 years 86 countries 73 contributors 41,686 security incidents 2,013 data breaches
  • 9. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Back in 2014 we identified nine incident patterns that cover most of the threats likely to be faced. 98.5% of security incidents and 88.0% of confirmed data breaches continue to fall into these patterns across the 2019 report. Pattern consistency allows security professionals to prioritize spend when looking at investments in IT/OT/IoT Security. Key DBIR findings. 9
  • 10. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 10 Shift in attacker behavior towards cloud-based services Compromise of web-based email accounts using stolen credentials (98%) is rising (seen in 60% of attacks involving hacking a web application.) Publishing errors in the cloud are increasing year-over-year, exposing at least 60 million records analyzed in the DBIR dataset. This (misconfiguration) accounts for 21% of breaches caused by errors.
  • 11. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Unbroken Chains – Path-based attack analysis 11 • Most of the successful attacks are short, likely because it is both cheaper and easier for the attacker (or the breach is simply due to a single error).
  • 12. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Unbroken Chains – Path-based attack analysis 12 • When you examine the attack paths, the “malware” threat action variety usually doesn't begin a breach (it is normally a second or later step in the compromise). • Also, breaches rarely end with a “social” action (so if you see a social attack, you can expect more to follow).
  • 13. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. • One quarter of all breaches are still associated with espionage. • External threat actors are still the primary force behind attacks (69% of breaches) with insiders accounting for 34%. • Chip and PIN payment technology has started delivering security dividends - the number of payment card web application compromises is close to exceeding the number of physical terminal compromises in payment card related breaches. • Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key drive. • Financially motivated social engineering attacks (12%) are a key p ’ p , ALL levels of employees are made aware of the potential impact of cybercrime. Other key DBIR findings 13
  • 14. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Representative industry view: Financial and Insurance 14 • In this industry, we acknowledge, but filter, over 40,000 breaches associated with botnets to be analyzed separately. • Physical attacks against ATMs have seen a decline from their heyday of the early 2010’s. We are hopeful that the progress made in the implementation of EMV chips in debit cards, influenced by the liability shift to ATM owners, is one reason for this decline.
  • 15. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Representative industry view: Healthcare 15 • Unsurprisingly, medical data is 18 times more likely to be compromised in this industry. • When an internal actor is involved, it is 14 times more likely to be a medical professional such as a doctor or nurse. • Databases are a favorite for internal misuse, and those attacks take longer to discover versus attacks by external actors. • Over 70% of all malware in this vertical was ransomware.
  • 16. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. • While we have observed a definite shift in attacker behavior towards cloud- based services for email and online payment card processing systems, this does not indicate that there are necessarily any inherent weaknesses associated with those environments. • Instead, we believe this to simply be a result of the attacker changing tactics and targets to meet the corresponding change in the locations of valuable corporate assets. • As the victim organizations increasingly migrate to cloud based solutions, the attackers must alter their actions in order to access and monetize those assets. • The evolving job of the CISO/CSO is to understand how this large-scale digital relocation changes the landscape, and how they can make known risk vectors more or less likely. The moral of the story… 16 “The more things change, the more they stay the same.”
  • 17. Thank you! © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. David Grady david.grady@verizon.com