Data-driven storytelling and security stakeholder engagement - FND326-S - AWS re:Inforce 2019

Storytelling is a powerful tool for cybersecurity leaders aiming to improve communication with IT and non-IT stakeholders alike; the most trusted advisors are effective storytellers. With the right data—like the recently released 2019 Verizon Data Breach Investigations Report—CISOs and their teams can tell meaningful and relevant stories that help organizations strengthen their security cultures and empower executives to make better decisions about resource allocation and risk tolerance.

  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data-driven storytelling and security stakeholder engagement. David Grady, Security Evangelist, Verizon Enterprise Solutions. FND326-S
  2. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
  3. To rally your coalition, focus on outcomes, not the process.
     • Enhance your visibility of cyber risk
     • Minimize impact and quickly restore operations
     • Detect and respond to cyber attacks faster
     • Protect the attack surface
  4. Rocket science is important, of course…
     • Verizon Risk Report
     • Verizon Threat Intelligence Platform
     • Vulnerability management
       o Vulnerability management
       o Penetration testing
     • Security risk assessment & compliance services
       o Business Security Assessment
       o Security Architecture Review (SAR)
       o PCI Compliance
       o Operational technology security assessment
       o Device testing and certification (ICSA)
       o Asset discovery / classification
     • Security strategy advisory
     • Secure gateway solutions
       o Secure Cloud Gateway
       o Virtual Network Services - Security
       o Managed Trusted Internet Protocol
     • Device & endpoint management
       o Device Health and Availability
       o Policy & Configuration Management
     • Web defense
       o DDOS Shield
       o DNS Safeguard
       o Email security
     • Identity & access management solutions
       o Managed Certificate Services
       o Verizon ID (Identity Verification)
     • Cloud security solutions
     • Mobile security solutions
       o Enterprise Mobility Management (MDM?)
       o IoT Security Credentialing
     • Software defined perimeter
     • Managed detection & response solutions
       o Managed Security Services-Analytics
       o Network detection & response solutions
       o Autonomous Threat Hunting
       o Managed endpoint detection (Cylance Optics)
     • Managed endpoint solutions
     • Machine State Integrity
     • Deception-as-a-service
     • Hybrid SOC solutions
       o Managed SIEM
       o Advanced Security Operations Center
     • Breach investigations and response
     • Rapid response retainer
     • Attack detection assessment
     • Incident response planning

     Outcomes:
     • Enhance your visibility of cyber risk
     • Minimize impact and quickly restore operations
     • Detect and respond to cyber attacks faster
     • Protect the attack surface
  5. Failure (to communicate effectively) is not an option. Despite working harder than ever, CISOs and their teams appear to be losing the “perception battle.” Effective storytelling can rectify this. % of organizational leaders are briefed on risk topics at every senior leadership meeting despite security being a top concern % of board directors and C-level execs say they lack confidence in their organization’s level of cybersecurity 87 % of organizations believe that malicious attacks are on the rise y/y, but 48% lack confidence in their teams’ ability to address complex attacks 21 53 Source: 2017 ISACA State of Cyber Security Report.
  6. Use data to tell stories.
     • Leverage available research to help stakeholders understand cyber threats.
     • Use data to focus attention on the probability of a specific type of compromise, rather than every possibility.
     • Actively engage stakeholders across the entire organization.
     • Collaborate on risk tolerance, security priorities and incident response.
  7. Use stories to educate and influence your stakeholders.
  8. 2019 Data Breach Investigations Report (DBIR) is brimming with actionable security data. Use it to validate your strategy, course-correct – and tell stories that lead to action.
     • 12 years
     • 86 countries
     • 73 contributors
     • 41,686 security incidents
     • 2,013 data breaches
  9. Key DBIR findings. Back in 2014 we identified nine incident patterns that cover most of the threats likely to be faced. 98.5% of security incidents and 88.0% of confirmed data breaches continue to fall into these patterns across the 2019 report. Pattern consistency allows security professionals to prioritize spend when looking at investments in IT/OT/IoT Security.
  10. Shift in attacker behavior towards cloud-based services. Compromise of web-based email accounts using stolen credentials (98%) is rising (seen in 60% of attacks involving hacking a web application). Publishing errors in the cloud are increasing year-over-year, exposing at least 60 million records analyzed in the DBIR dataset. This (misconfiguration) accounts for 21% of breaches caused by errors.
  11. Unbroken Chains – Path-based attack analysis
     • Most of the successful attacks are short, likely because it is both cheaper and easier for the attacker (or the breach is simply due to a single error).
  12. Unbroken Chains – Path-based attack analysis
     • When you examine the attack paths, the “malware” threat action variety usually doesn't begin a breach (it is normally a second or later step in the compromise).
     • Also, breaches rarely end with a “social” action (so if you see a social attack, you can expect more to follow).
  13. Other key DBIR findings
     • One quarter of all breaches are still associated with espionage.
     • External threat actors are still the primary force behind attacks (69% of breaches) with insiders accounting for 34%.
     • Chip and PIN payment technology has started delivering security dividends: the number of payment card web application compromises is close to exceeding the number of physical terminal compromises in payment card related breaches.
     • Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver.
     • Financially motivated social engineering attacks (12%) are a key p ’ p , ALL levels of employees are made aware of the potential impact of cybercrime.
  14. Representative industry view: Financial and Insurance
     • In this industry, we acknowledge, but filter, over 40,000 breaches associated with botnets to be analyzed separately.
     • Physical attacks against ATMs have seen a decline from their heyday of the early 2010s. We are hopeful that the progress made in the implementation of EMV chips in debit cards, influenced by the liability shift to ATM owners, is one reason for this decline.
  15. Representative industry view: Healthcare
     • Unsurprisingly, medical data is 18 times more likely to be compromised in this industry.
     • When an internal actor is involved, it is 14 times more likely to be a medical professional such as a doctor or nurse.
     • Databases are a favorite for internal misuse, and those attacks take longer to discover versus attacks by external actors.
     • Over 70% of all malware in this vertical was ransomware.
  16. The moral of the story… “The more things change, the more they stay the same.”
     • While we have observed a definite shift in attacker behavior towards cloud-based services for email and online payment card processing systems, this does not indicate that there are necessarily any inherent weaknesses associated with those environments.
     • Instead, we believe this to simply be a result of the attacker changing tactics and targets to meet the corresponding change in the locations of valuable corporate assets.
     • As the victim organizations increasingly migrate to cloud-based solutions, the attackers must alter their actions in order to access and monetize those assets.
     • The evolving job of the CISO/CSO is to understand how this large-scale digital relocation changes the landscape, and how they can make known risk vectors more or less likely.
  17. Thank you! David Grady, david.grady@verizon.com