Breaking the Vulnerability Cycle—Key Findings from 100 CISOs

We surveyed 100 CISOs and security decision makers and found that today’s application security teams are facing 3 distinct issues that lead to vulnerability:
1. Active and efficient adversaries
2. A ballooning attack surface
3. Cybersecurity resource shortage

When combined, these adverse conditions form a ‘vulnerability cycle’ – leaving organizations susceptible to a breach or worse.

Attend this webinar and you will:
- Get plans to combat these 3 issues in 2017
- Learn how to dissect each component of the vulnerability cycle
- Discover security tools and best practices
- Find out top CISO investments for 2017

Published in: Technology
  1. September 2016. BREAKING THE VULNERABILITY CYCLE: KEY FINDINGS FROM 100 CISOS
  2. SPEAKERS: Jason Haddix, Head of Trust and Security; Brad Arkin, CISO, Adobe Systems; Kim Green, CISO, Zephyr Health
  3. AGENDA • Dissect each component of the Vulnerability Cycle • Explore top CISO challenges and opportunities for 2017 • Security tools and best practices
  4. TOP CISO CHALLENGES IN APPSEC
  5. WHAT ISSUES ARE WE ADDRESSING? Active, efficient adversaries; ballooning attack surface; cybersecurity resource shortage; broken status quo / breaking the status quo
  6. ACTIVE AND EFFICIENT ADVERSARIES. Hacking is overwhelmingly the leading cause of data breaches. [Chart: share of data breaches by cause, 2007 to 2016, 0% to 60%; categories: Insider Theft; Hacking / Skimming / Phishing; Data on the Move; Accidental Email / Internet Exposure; Subcontractor / 3rd Party / Business Associate; Employee Error / Negligence / Improper Disposal / Loss; Physical Theft]
  7. BALLOONING ATTACK SURFACE. Application security is becoming increasingly important
  8. STAFFING AND RESOURCING CHALLENGES. The cybersecurity job gap is at an all-time high
  9. POLL (September 2016)
  10. SECURITY TOOLS AND BEST PRACTICES
  11. SECURITY TOOLS AND PRACTICES IN USE
  12. AND STILL, WE’RE LEFT VULNERABLE. [Diagram: timeline of code releases with automation and periodic pen tests; between each code release and the next pen test lies a “zone of vulnerability blindness” before vulnerability awareness]
  13. BUG BOUNTY DELIVERS CONTINUOUS VULNERABILITY ASSESSMENT. [Diagram: vulnerability awareness follows each code release continuously]
  14. VARIATIONS OF BUG BOUNTY PROGRAMS: private ongoing program; public ongoing program; point-in-time “on-demand” programs (public or private)
  15. BUG BOUNTIES MEET SECURITY NEEDS • Addresses staffing and resourcing challenges • Works within appsec budgeting constraints • Improves internal security culture and supports training initiatives
  16. PERCEIVED CHALLENGES IN RUNNING A BOUNTY PROGRAM: “Only crazy tech companies run bug bounty programs”; “Bug bounties don’t attract talented testers or results”; “They’re too hard to manage and too expensive”; “Running a bounty program is too risky”
  17. WIDE ADOPTION OF CROWDSOURCED SECURITY: Financial Services; Consumer Tech; Retail & Ecommerce; Infrastructure Technology; Automotive; Security Technology; Other
  18. A RADICAL CYBER SECURITY ADVANTAGE: Enterprise Bug Bounty Solutions & Hackers On-Demand • 300+ programs run • Every program is managed by Bugcrowd • Deep researcher engagement and support • No confusing pricing models and no bounty commissions • 50,000+ researchers. A curated crowd that thinks like an adversary but acts as an ally to find vulnerabilities; a platform that simplifies connecting researchers to organizations, saving you time and money; security expertise to design, support, and manage crowd security programs
  19. Q&A: Jason Haddix, Head of Trust and Security (@JHADDIX); Brad Arkin, CISO, Adobe Systems (@BRADARKIN); Kim Green, CISO, Zephyr Health (@KIM1GREEN)
  20. GET THE FULL DATA SET FROM THIS SESSION