Completing the Risk Picture: Adding a business intelligence and collaborative approach to cybersecurity
•Download as PPT, PDF•
0 likes•364 views
Recommended
Recommended
More Related Content
What's hot
What's hot (8)
Viewers also liked
Viewers also liked (20)
Similar to Completing the Risk Picture: Adding a business intelligence and collaborative approach to cybersecurity
Similar to Completing the Risk Picture: Adding a business intelligence and collaborative approach to cybersecurity (20)
More from SurfWatch Labs
More from SurfWatch Labs (16)
Recently uploaded
Recently uploaded (20)
Completing the Risk Picture: Adding a business intelligence and collaborative approach to cybersecurity
- 1. Completing the Risk Picture: Adding a Business Intelligence and Collaborative Approach to Cybersecurity
- 2. How Would You Grade Your Cyber Risk Posture Today? 2
- 3. What is the Common Theme? 3
- 4. Cyber Events Trickle Up 4 • Small/individual cyber incidents can lead to much more damage • C-Suite and BoDs are being held responsible
- 5. Are You Looking at the Entire Puzzle? 5
- 6. A Single Lens View is Doomed • Studying a problem from every angle and every level always leads to more practical solutions and quicker (re)action. 6
- 7. What’s Going On Outside Matters 7
- 8. 8 Context is Key OR
- 9. Can You Answer Critical Cyber Risk Questions? 9
- 10. What Does the Financial Industry’s Risk Landscape Look Like? 10
- 11. Financial Industry Cyber Risks 11
- 12. Learn. Share. Collaborate. Keeping quiet helps no one… EXCEPT the bad guys 12
- 13. 13
- 14. Are You Spending in The Right Areas? 14
- 15. Any Change to How You Would Rate Your Cyber Risk Posture Now? 15
- 17. Cyber Risk Intelligence 17 Who We Are & What We Do •Engineering team led by former US Intelligence Analysts •Business intelligence approach to cybersecurity – Massive data warehouse and powerful cyber risk analytics – Practical “risk-sensing” solutions •Founded in 2013 •Series A Financing 2014
- 18. Additional Resources 18 • Cyber Risk Report – A Look at the 1st Half of 2014 http://info.surfwatchlabs.com/Sample-Cyber-Risk-Report • Whitepaper – Big Data, Big Mess: Cyber Risk Intelligence Through “Complete Context” http://info.surfwatchlabs.com/big-data-security-analytics • Webinar – Tips to Shore up Cyber Risks in the Supply Chain https://webinar.informationweek.com/18797?keycode=CAA1AC
- 19. Thank You! www.surfwatchlabs.com Follow us at:
Editor's Notes
- Physical and online transactions – all provide gateways to bad guys to steal information, whether banking info, ss#, PII, credit card info, access credentials and more.
- C-suite and board is ultimately responsible as we’ve seen in the Target breach and others…
- When it comes to addressing cyber risks the common approach is to look inward at the company’s network, employees, etc. This is an important aspect of improving security but it is only part of the puzzle. Understanding your institution’s cyber risk also requires looking outside your company walls… Continuous awareness of our own cyber risks compared to what’s possible and what’s happening around us right now is one of the missing pieces in current cyberdefense practices.
- We focus so much on looking down the barrel of individual microscopes, we get lost in all the low-level noise that’s far too focused on only a few dimensions of the problem.
- This is an exact piece of information out of a threat intelligence system. It is low-level and has no immediately understood meaning to a business. Even a security professional needs to go research this and determine if it is relevant to their organization’s specific business domain and industry. For the enterprise – requires teams of security analysts to manually research these types of alerts every day, taking anywhere from 15-20min per alert to an entire day to understand relevancy and impact For small business – low-level threat intelligence isn’t relevant because skillset to process it isn’t there. But in a complete business context it is something a small business can understand and act on or use to keep tabs on their third party provider/outsourcer
- Has your accounting software been named a “back door” for cybercriminals? What types of systems are trending as targets in my industry sector? What software and systems used in my supply chain have been exploited this year? In each instance, how was the attack carried out?
- Helps organizations immediately understand the potential for cyber-attacks, determine the impact to their business and proactively address threats head on. For the enterprise – highly relevant, timely and accurate risk intelligence that is consumable by all invested parties in the enterprise (security, C-level, business analyst, risk officers) For the small bus – security analytics powering applications purpose-built for small business to make cyber simple… At the core is SurfWatch Analytics – automatically collects, standardizes and analyzes volumes of structured and unstructured information (data inputs at bottom going into the engine). Analytics are available through API access and through monthly executive-level reports that include the analytics with additional insights from SurfWatch Cyber Analysts. Data comes from social, news and blogs, security and threat data feeds, vulnerability databases, etc. PLUS from SurfWatch users (through HackSurfer, Risk Monitor, Market) Analytics is the foundation: We are building applications for SMB (Risk Monitor and Market) Data and analytics powers the HackSurfer security community Powers custom applications and integrations (cyber defense, threat intel, news services, etc.)